/upw

Simple universal offline passwords manager.

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

MicroPassword: upw

Simple, fast and secure passwords manager

  • off-line
  • no third-party involved
  • passwords recoverable from any device with upw installed on
  • confidential CLI

Inspired from MasterPassword (mpw). Written in python.

Derive website compliant passwords from your master password and the domain name

upw provides a keys derivation tree from a login (confidential key) and a master password (secret key)

domain passwords format

  • 16 first characters sliced from the derived hash (masterkey + domain name)
  • Letter chars alternate from lowercase to uppercase
  • 1 digit on 2 is replaced by a special char from spec_char_list in config.yml following the array order reading

Example:

  • dC7b#5D%0b$8^Ac8
  • d3E#1%3aB$9^aDa6
  • 2fD#4f%E7cD$3^7b

Derivation tree:

Login + Master Password (Example: user + pwd)
  |- filename (hash function)
  |- masterkey (7e12c57de7836db62089f04ae02ea7de057ae49face85e657fabdfd0f2b12547)
  `- masterkey + domain (7e12c57de7836db62089f04ae02ea7de057ae49face85e657fabdfd0f2b12547 + facebook.com)
    `- domain password: 5#4d%0$3^2@Ec3F?

Algorithms used for critical computations

  • Keys derivation: hashlib.pbkdf2_hmac
  • User profile file encryption: cryptography.fernet

See more in config.yaml

Run instructions

$ source env/bin/activate
$ pip3 install -r requirements.txt
$ python3 upw.py

Unit test

$ python3 -m unittest